MISP
/
MISP
mirror of https://github.com/MISP/MISP
2
2
Fork 0
Code Issues Releases Wiki Activity

new: Limit modules to a single organisation 

- new settings in serverSettings
pull/2831/head
iglocska 2018-01-13 12:22:14 +01:00
parent 4e44f8dd0b
commit a2205fba31
5 changed files with 64 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
app/Controller/AttributesController.php
View File

@ -2580,7 +2580,7 @@ class AttributesController extends AppController {
if (empty($attribute)) throw new NotFoundException('Invalid Attribute');
$this->loadModel('Server');
$this->loadModel('Module');
$modules = $this->Module->getEnabledModules();
$modules = $this->Module->getEnabledModules($this->Auth->user());
$validTypes = array();
if (isset($modules['hover_type'][$attribute[0]['Attribute']['type']])) {
$validTypes = $modules['hover_type'][$attribute[0]['Attribute']['type']];

33
app/Controller/EventsController.php
View File

@ -864,12 +864,20 @@ class EventsController extends AppController {
$this->set('sightingsData', $sightingsData);
if (Configure::read('Plugin.Enrichment_services_enable')) {
$this->loadModel('Module');
$modules = $this->Module->getEnabledModules();
$modules = $this->Module->getEnabledModules($this->Auth->user());
foreach ($modules as $k => $v) {
debug($v);
if (isset($v['restrict'])) {
if (!$this->_isSiteAdmin() && $v['restrict'] != $this->Auth->user('org_id')) {
unset($modules[$k]);
}
}
}
$this->set('modules', $modules);
}
if (Configure::read('Plugin.Cortex_services_enable')) {
$this->loadModel('Module');
$cortex_modules = $this->Module->getEnabledModules(false, 'Cortex');
$cortex_modules = $this->Module->getEnabledModules($this->Auth->user(), false, 'Cortex');
$this->set('cortex_modules', $cortex_modules);
}
$this->set('deleted', (isset($this->params['named']['deleted']) && $this->params['named']['deleted']) ? true : false);
@ -996,12 +1004,21 @@ class EventsController extends AppController {
$this->set('sightingsData', $sightingsData);
if (Configure::read('Plugin.Enrichment_services_enable')) {
$this->loadModel('Module');
$modules = $this->Module->getEnabledModules();
$modules = $this->Module->getEnabledModules($this->Auth->user());
if (is_array($modules)) {
foreach ($modules as $k => $v) {
if (isset($v['restrict'])) {
if ($this->_isSiteAdmin() && $v['restrict'] != $this->Auth->user('org_id')) {
unset($modules[$k]);
}
}
}
}
$this->set('modules', $modules);
}
if (Configure::read('Plugin.Cortex_services_enable')) {
$this->loadModel('Module');
$cortex_modules = $this->Module->getEnabledModules(false, 'Cortex');
$cortex_modules = $this->Module->getEnabledModules($this->Auth->user(), false, 'Cortex');
$this->set('cortex_modules', $cortex_modules);
}
$this->set('contributors', $contributors);
@ -3786,7 +3803,7 @@ class EventsController extends AppController {
);
}
$this->loadModel('Module');
$modules = $this->Module->getEnabledModules(false, 'Export');
$modules = $this->Module->getEnabledModules($this->Auth->user(), false, 'Export');
if (is_array($modules) && !empty($modules)) {
foreach ($modules['modules'] as $module) {
$exports[$module['name']] = array(
@ -3832,7 +3849,7 @@ class EventsController extends AppController {
)
);
$this->loadModel('Module');
$modules = $this->Module->getEnabledModules(false, 'Import');
$modules = $this->Module->getEnabledModules($this->Auth->user(), false, 'Import');
if (is_array($modules) && !empty($modules)) {
foreach ($modules['modules'] as $k => $module) {
$imports[$module['name']] = array(
@ -4138,7 +4155,7 @@ class EventsController extends AppController {
if (empty($attribute)) throw new MethodNotAllowedException('Attribute not found or you are not authorised to see it.');
if ($this->request->is('ajax')) {
$this->loadModel('Module');
$enabledModules = $this->Module->getEnabledModules(false, $type);
$enabledModules = $this->Module->getEnabledModules($this->Auth->user(), false, $type);
if (!is_array($enabledModules) || empty($enabledModules)) throw new MethodNotAllowedException('No valid ' . $type . ' options found for this attribute.');
$modules = array();
foreach ($enabledModules['modules'] as $module) {
@ -4151,7 +4168,7 @@ class EventsController extends AppController {
$this->render('ajax/enrichmentChoice');
} else {
$this->loadModel('Module');
$enabledModules = $this->Module->getEnabledModules(false, $type);
$enabledModules = $this->Module->getEnabledModules($this->Auth->user(), false, $type);
if (!is_array($enabledModules) || empty($enabledModules)) throw new MethodNotAllowedException('No valid ' . $type . ' options found for this attribute.');
$options = array();
foreach ($enabledModules['modules'] as $temp) {

11
app/Model/Module.php
View File

@ -81,12 +81,20 @@ class Module extends AppModel {
} else return 'The module service reports that it found no modules.';
}
public function getEnabledModules($type = false, $moduleFamily = 'Enrichment') {
public function getEnabledModules($user, $type = false, $moduleFamily = 'Enrichment') {
$modules = $this->getModules($type, $moduleFamily);
if (is_array($modules)) {
foreach ($modules['modules'] as $k => $module) {
if (!Configure::read('Plugin.' . $moduleFamily . '_' . $module['name'] . '_enabled') || ($type && in_array(strtolower($type), $module['meta']['module-type']))) {
unset($modules['modules'][$k]);
continue;
}
if (
!$user['Role']['perm_site_admin'] &&
Configure::read('Plugin.' . $moduleFamily . '_' . $module['name'] . '_restrict') &&
Configure::read('Plugin.' . $moduleFamily . '_' . $module['name'] . '_restrict') != $user['org_id']
) {
unset($modules['modules'][$k]);
}
}
} else return 'The modules system reports that it found no suitable modules.';
@ -165,6 +173,7 @@ class Module extends AppModel {
foreach ($modules['modules'] as $module) {
if (array_intersect($this->__validTypes[$moduleFamily], $module['meta']['module-type'])) {
$result[$module['name']][0] = array('name' => 'enabled', 'type' => 'boolean');
$result[$module['name']][1] = array('name' => 'restrict', 'type' => 'orgs');
if (isset($module['meta']['config'])) foreach ($module['meta']['config'] as $conf) $result[$module['name']][] = array('name' => $conf, 'type' => 'string');
}
}

21
app/Model/Server.php
View File

@ -2143,6 +2143,15 @@ class Server extends AppModel {
$this->Module = ClassRegistry::init('Module');
$serverSettings = $this->serverSettings;
$moduleTypes = array('Enrichment', 'Import', 'Export', 'Cortex');
$orgs = $this->Organisation->find('list', array(
'conditions' => array(
'Organisation.local' => 1
),
'fields' => array(
'Organisation.id', 'Organisation.name'
)
));
$orgs = array_merge(array('Unrestricted'), $orgs);
foreach ($moduleTypes as $moduleType) {
if (Configure::read('Plugin.' . $moduleType . '_services_enable')) {
$results = $this->Module->getModuleSettings($moduleType);
@ -2154,6 +2163,12 @@ class Server extends AppModel {
$setting['type'] = 'boolean';
$setting['description'] = 'Enable or disable the ' . $module . ' module.';
$setting['value'] = false;
} else if ($result['type'] == 'orgs') {
$setting['description'] = 'Restrict the ' . $module . ' module to the given organisation.';
$setting['value'] = 0;
$setting['test'] = 'testLocalOrg';
$setting['type'] = 'numeric';
$setting['optionsSource'] = 'LocalOrgs';
} else {
$setting['test'] = 'testForEmpty';
$setting['type'] = 'string';
@ -2182,6 +2197,12 @@ class Server extends AppModel {
$setting['type'] = 'boolean';
$setting['description'] = 'Enable or disable the ' . $module . ' module.';
$setting['value'] = false;
} else if ($result['type'] == 'orgs') {
$setting['description'] = 'Restrict the ' . $module . ' module to the given organisation.';
$setting['value'] = 0;
$setting['test'] = 'testLocalOrg';
$setting['type'] = 'numeric';
$setting['optionsSource'] = 'LocalOrgs';
} else {
$setting['test'] = 'testForEmpty';
$setting['type'] = 'string';

10
app/View/Elements/healthElements/settings_tab.ctp
View File

@ -24,8 +24,10 @@
if ($setting['level'] == 0 || $setting['level'] == 2) $bgColour .= 'color:white;';
}
if ($setting['level'] == 3) $bgColour = 'background-color:gray;color:white;';
if ($setting['type'] == 'boolean') $setting['value'] = ($setting['value'] === true ? 'true' : 'false');
if (isset($setting['options'])) $setting['value'] = ($setting['options'][$setting['value']]);
if ($setting['type'] == 'boolean') $setting['value'] = ($setting['value'] === true ? 'true' : 'false');;
if (isset($setting['options'])) {
$setting['value'] = $setting['options'][$setting['value']];
}
if ($setting['setting'] == 'Security.salt' && !isset($setting['error'])) {
continue;
}
@ -39,7 +41,9 @@
<?php if ((isset($setting['editable']) && !$setting['editable']) || $setting['level'] == 3): ?>
<td id="setting_<?php echo h($subGroup) . '_' . $k; ?>_passive" class="inline-field-solid" style="<?php echo $bgColour; ?>width:500px;"><?php echo nl2br(h($setting['value']));?></td>
<?php else: ?>
<td id="setting_<?php echo h($subGroup) . '_' . $k; ?>_solid" class="inline-field-solid" ondblclick="serverSettingsActivateField('<?php echo $setting['setting'];?>', '<?php echo $k;?>')" style="<?php echo $bgColour; ?>width:500px;"><?php echo h($setting['value']);?></td>
<td id="setting_<?php echo h($subGroup) . '_' . $k; ?>_solid" class="inline-field-solid" ondblclick="serverSettingsActivateField('<?php echo $setting['setting'];?>', '<?php echo $k;?>')" style="<?php echo $bgColour; ?>width:500px;">
<?php echo h($setting['value']); ?>
</td>
<td id="setting_<?php echo h($subGroup) . '_' . $k; ?>_placeholder" class="short hidden inline-field-placeholder" style="<?php echo $bgColour; ?>width:500px;"></td>
<?php endif; ?>
<td style="<?php echo $bgColour; ?>"><?php echo h($setting['description']);?></td>